Spectre and Meltdown flaws being exploited by more than 100 strains of malware

Researchers have gathered more than 130 samples of malware that try to exploit Meltdown and Spectre, although most appear to be proof-of-concept code.

Video: Spectre-Meltdown: What business needs to know. TechRepublic's Nick Heath explains how Spectre-Meltdown works, who it affects, and how business can protect critical data from exploits.

Security researchers are discovering a growing amount of malware that exploits the Spectre and Meltdown CPU flaws.

Spectre and Meltdown are vulnerabilities in modern chip design that could allow attackers to bypass system protections on nearly every recent PC, server and smartphone—allowing hackers to read sensitive information, such as passwords, from memory.

Researchers have gathered more than 130 samples of malware that try to exploit Meltdown and Spectre, although most appear to be proof-of-concept code rather than being used in attacks.

Security firm Fortinet says all of the publicly available malware samples it analyzed appeared to be test code, although it was unable to analyze some Spectre/Meltdown-exploiting malware because those samples had not been made public.

Much of this new malware was identified by the AV-TEST Institute, which found 139 samples targeting Meltdown (CVE-2017-5754) and both variants of the Spectre vulnerability (CVE-2017-5753 and CVE-2017-5715). The samples targeted PCs running Windows, macOS and Linux-based operating systems, and included JavaScript malware designed to run in the Internet Explorer, Chrome and Firefox browsers.

Since the Meltdown and Spectre flaws were publicly revealed in January, major operating systems and browsers have received patches to reduce the risk from both vulnerabilities.

"I'm sure the malware writers are still in the 'research phase' for attacks, but I wouldn't wonder if we see the first targeted attacks, or even more widespread malware, in the near future," said Andreas Marx, CEO of AV-TEST.

"The most likely attack method regarding Spectre and Meltdown will be via web browsers and their integrated scripting engines. So I'd recommend upgrading to the latest available versions as soon as possible," he said, adding that closing the browser and shutting down the PC when it's not in use would also reduce the risk.

However, patching against variant 2 of the Spectre vulnerability has proven particularly difficult, because it stems from a fundamental feature of modern CPUs: their use of branch prediction and speculative execution to speed up execution.

The upshot has been that the Intel firmware updates intended to reduce the risk of a successful Spectre variant 2 attack caused instability and unexpected reboots on affected systems, leading Intel to pull the fix.
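As an added check (not from the article, AV-TEST or Fortinet): on Linux, the kernel (4.15 and later) reports per-variant mitigation status in files under /sys/devices/system/cpu/vulnerabilities, so an administrator can see whether the patches described above, including any Spectre variant 2 mitigation, are actually active on a host. The script maps the three CVEs named in the article to those files; the directory and file names are the real kernel interface, while the sample file contents are constructed.

```python
import os
from typing import Dict, List

# Real kernel sysfs interface (Linux 4.15+); the CVE mapping follows the article.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CVE_TO_SYSFS = {
    "CVE-2017-5754": "meltdown",    # Meltdown
    "CVE-2017-5753": "spectre_v1",  # Spectre variant 1
    "CVE-2017-5715": "spectre_v2",  # Spectre variant 2
}


def classify(status: str) -> str:
    """Reduce a kernel status line to mitigated / vulnerable / not_affected / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty (file missing on older kernels) or unrecognised text


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read each status file; a missing file yields '' so classify() reports unknown."""
    out: Dict[str, str] = {}
    for name in CVE_TO_SYSFS.values():
        try:
            with open(os.path.join(directory, name)) as fh:
                out[name] = fh.read()
        except OSError:
            out[name] = ""
    return out


def assess(raw: Dict[str, str]) -> Dict[str, str]:
    """Map each CVE from the article to the classification of its sysfs status."""
    return {cve: classify(raw.get(name, "")) for cve, name in CVE_TO_SYSFS.items()}


def unpatched(raw: Dict[str, str]) -> List[str]:
    """CVEs that are neither mitigated nor marked not affected (needs attention)."""
    return sorted(c for c, st in assess(raw).items() if st not in ("mitigated", "not_affected"))


# Constructed sample: Meltdown and Spectre v1 mitigated, Spectre v2 still exposed.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}

if __name__ == "__main__":
    for cve, state in assess(read_sysfs()).items():
        print(cve, state)
```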

Both Intel and AMD, the firms whose chips are found inside most PCs and servers, say they are working on mitigating the risk posed by Spectre vulnerabilities in future processors.

However, it remains to be seen whether AMD and Intel will be able to redesign their processors to nullify the risk from Spectre without having a significant impact on performance.

"One of the key challenges with addressing the Meltdown and Spectre vulnerabilities — besides the fact that the affected chips are already embedded in millions of devices running in home or production environments — is that developing a patch that resolves their exposed side-channel issues is extremely complicated," said researchers from Fortinet.

"Which is why, in addition to establishing an aggressive and proactive patch-and-replace protocol, it is essential that organizations have layers of security in place designed to detect malicious activity and malware, and to protect vulnerable systems."
